Add limited patch for CVE-2021-28041 from upstream.

2 files changed, 33 insertions, 1 deletions

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index eb1a332b0c21..65b590d3e38c 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	openssh
 DISTVERSION=	8.4p1
-PORTREVISION=	3
+PORTREVISION=	4
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	OPENBSD/OpenSSH/portable
diff --git a/security/openssh-portable/files/patch-zz-8.4-CVE-2021-28041 b/security/openssh-portable/files/patch-zz-8.4-CVE-2021-28041
new file mode 100644
index 000000000000..4ac4a7061cb6
--- /dev/null
+++ b/security/openssh-portable/files/patch-zz-8.4-CVE-2021-28041
@@ -0,0 +1,32 @@
+untrusted comment: verify with openbsd-68-base.pub
+RWQZj25CSG5R2lgsgSLgQjjy3/BFahe7C64NJOej05Naf0mm//TKykuXL7pxOVsY5rnXH0A6vBdO5UNx7PkuTxLOACHx5xV7Gws=
+
+OpenBSD 6.8 errata 015, March 4, 2021:
+
+Double free in ssh-agent(1)
+
+Apply by doing:
+    signify -Vep /etc/signify/openbsd-68-base.pub -x 015_sshagent.patch.sig \
+        -m - | (cd /usr/src && patch -p0)
+
+And then rebuild and install ssh (as well as ssh-agent)
+    cd /usr/src/usr.bin/ssh
+    make obj
+    make clean
+    make
+    make install
+
+Index: usr.bin/ssh/ssh-agent.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/ssh-agent.c,v
+diff -u -p -u -r1.264 ssh-agent.c
+--- ssh-agent.c	18 Sep 2020 08:16:38 -0000	1.264
++++ ssh-agent.c	3 Mar 2021 01:08:25 -0000
+@@ -567,6 +567,7 @@ process_add_identity(SocketEntry *e)
+ 				goto err;
+ 			}
+ 			free(ext_name);
++			ext_name = NULL;
+ 			break;
+ 		default:
+ 			error("%s: Unknown constraint %d", __func__, ctype);